WARNING: WE ARE
CYBER-CRIMINALS ARE ATTEMPTING TO STEAL OUR
IDENTITIES, MONEY, BUSINESS INNOVATIONS AND
EVEN OUR NATIONAL SECURITY SECRETS.
BY TOM SILVER
BASELINE JULY/AUGUST 2010
MAKE NO MISTAKE ABOUT IT: WE ARE
under attack—you, me, Google and scores
of other companies, and even the U.S. government. Cyber-criminals are attempting
to steal our identities, money, business
innovations and national security secrets.
And their attacks are growing more sophisticated and pernicious every day.
As individuals, businesses and governments, we are ill-prepared to fight cyber-attacks on any front. For example, a recently
completed four-year review of Defense
Department strategies found that large-scale cyber-attacks could massively disable
or damage the international financial, commercial and physical infrastructure.
Cyber-threats are increasingly complex,
and keeping up with the enemy’s arsenal
of weapons is not easy. New threats have
emerged, including the more recent ransom
and social networking attacks. Cyber-attacks
have outstripped most companies’ abilities’ to respond effectively, according to Deloitte’s 2010 CyberSecurity Watch
Survey. Nearly half the respondents to that survey said they
lack a plan for reporting and responding to a cyber-crime.
That’s the impetus behind a new cyber-security act, which
recently passed the House by an overwhelming majority, with
similar bills under consideration in the Senate. The Cybersecurity
Enhancement Act of 2010 calls for an extensive public and private collaboration (an estimated 85 percent of critical IT networks are privately controlled) on preparedness and restoration,
the promotion of cyber-security public awareness, education
and R&D. This includes funding scholarships for undergraduates who want to be the next generation of government cyber-warriors, as well as a major government hiring program.
Although the act is not yet law, the stage is set for sizable
growth in resources and investments. Technology executives
should begin recruiting individuals trained in cyber-security,
investing in cyber-security education, examining their infrastructure, and preparing resources to work with the government.
Many technology executives have been investing in
cyber-security for years, and have put resources into hiring,
training and educating senior management on the key issues.
Walgreens is one of many companies with a cyber swat team,
and the government spent $6 billion on cyber-security and
$356 million on research in 2009, according to the Office
of Management and Budget. But those private and public
investments have not resulted in adequate defenses.
The proposed legislation, however, entails a
quantum leap in rigor, discipline and investment.
For example, under the new bill, if your company
is deemed the owner of a critical system, you’ll have
to develop and rehearse detailed cyber-security
emergency response plans.
The purpose is to clarify roles and responsibilities and to divide authority between the government
and private sector in case of a cyber-security emergency. Also, you’ll have to use government-approved
accreditation, training and certification programs
for your staff, and your company would be subject
to twice-yearly audits, under the bill’s
With this new level of collaboration
and new standards for security, technology executives must start preparing
and investing. Additional, ongoing
resources will probably be needed to
manage the relationship with the government, make new hires, underwrite
training programs, and create new systems for enhanced
detection, defense, reporting and restoring operations.
If you’re a technology leader at a less-critical company,
your government involvement won’t be as great, but you
will likely have to improve your security to reach new, far-tougher standards. You may need to augment your staff with
experts in network security, data security, security architecture, Internet security or other positions. And you’ll need
to train staff on the ongoing intricacies of cyber-crime and
cyber-terrorism—and keep training them.
As you might expect, it’s not going to be easy or cheap
to dramatically improve cyber-defenses. CIOs are already
complaining that anyone with the word “cyber” on his or her
resume commands a 20 percent higher salary.
The scramble for talent is under way. The U.S. Department
of Homeland Security has an aggressive program to hire 1,000
security experts. On Clearancejobs.com, a site for professionals
with active federal security clearance, 5 percent of the jobs
posted are related to cyber-security. On Dice.com, a career site
for technology workers, knowledge of security is a minimum
requirement in nearly 20 percent of the jobs posted.
If we need a catch-phrase to sum up what’s coming, we
could dub the next 10 years the “cyber-warrior decade.” 3
Tom Silver is senior vice president, North America, of Dice Holdings
Inc., a provider of career Websites. He has more than 20 years of
marketing and management experience.